package si.yun.web;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Service;
import si.yun.web.handler.MyService;

import javax.servlet.http.HttpServletRequest;
import java.util.Collection;

/**
 * @ClassName:
 * @Description: TODO
 * @Author: 李振海
 * @Date 2021/9/30 9:14
 */
@Service
public class MyServiceImpl implements MyService {

    @Override
    public boolean hashPermission(HttpServletRequest request, Authentication authentication) {
        //获取主体
       Object obj=authentication.getPrincipal();
       //判断主体是否属于UserDetails
       if(obj instanceof UserDetails){
           //获取权限
           UserDetails userdetails= (UserDetails) obj;
           Collection<? extends GrantedAuthority> authorities=userdetails
                   .getAuthorities();
           //判断请求得uri是否在权限内,
           return authorities.contains(new SimpleGrantedAuthority(request.getRequestURI()));
       }

        return false;
    }
}
